In addition, DNS and CISA have identified executive branch agency domains impacted by the campaign and notified these agencies about the incident.

Global DNS infrastructure hackers are modifying executive branch agencies’ domain name resources locations, the U.S. Computer Emergency Readiness Team (US-CERT) indicated. They also are using the following techniques as part of the global DNS infrastructure hijacking campaign:

Compromise user credentials or obtain them via an account that can make changes to DNS records.

CISA also has issued a global DNS infrastructure campaign emergency directive that will remain in place until further notice. The directive requires executive branch agencies to provide CISA with status and completion reports to verify that they have taken action to mitigate global DNS infrastructure campaign attacks.